WebSVN – ALCASAR – Diff – /alcasar.sh

 #!/bin/bash
-#  $Id: alcasar.sh 832 2012-03-04 21:17:43Z richard $
+#  $Id: alcasar.sh 835 2012-03-11 22:21:27Z richard $
 # alcasar.sh
 # by Franck BOUIJOUX, Pascal LEVANT and Richard REY
 # This script is distributed under the Gnu General Public License (GPL)
 	echo "request_timeout 5 minutes" >> /etc/squid/squid.conf
 	echo "persistent_request_timeout 2 minutes" >> /etc/squid/squid.conf
 	echo "cache_mem 256 MB" >> /etc/squid/squid.conf
 	echo "maximum_object_size_in_memory 4096 KB" >> /etc/squid/squid.conf
 	echo "maximum_object_size     4096 KB" >> /etc/squid/squid.conf
-# anonymisation de la version de squid
+# anonymisation of squid version
 	echo "via off" >> /etc/squid/squid.conf
-# suppression de la primitive http 'X_forwarded'
+# remove the 'X_forwarded' http option
 	echo "forwarded_for delete" >> /etc/squid/squid.conf
+# linked squid output in HAVP input
+	echo "cache_peer 127.0.0.1 parent 8090 0 no-query default" >> /etc/squid/squid.conf
+	echo "never_direct allow all" >> /etc/squid/squid.conf
-# pour éviter les message d'erreur lors des changement d'état des interfaces réseaux
+# avoid error messages on network interfaces state changes
 	$SED "s?^SQUID_AUTO_RELOAD.*?SQUID_AUTO_RELOAD=no?g" /etc/sysconfig/squid
-# Initialisation du cache de Squid
+# Squid cache init
 	/usr/sbin/squid -z
 }  # End of param_squid ()
 ##################################################################
 ##		Fonction param_dansguardian			##
 	$SED "s/^reportinglevel =.*/reportinglevel = -1/g" $DIR_DG/dansguardian.conf
 # la page d'interception est en français
 	$SED "s?^language =.*?language = french?g" $DIR_DG/dansguardian.conf
 # on limite l'écoute de Dansguardian côté LAN
 	$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/dansguardian.conf
-# on chaîne Dansguardian au proxy antivirus HAVP
+# on chaîne Dansguardian au proxy cache SQUID
-	$SED "s?^proxyport.*?proxyport = 8090?g" $DIR_DG/dansguardian.conf
+	$SED "s?^proxyport.*?proxyport = 3128?g" $DIR_DG/dansguardian.conf
 # on remplace la page d'interception (template)
 	cp -f $DIR_CONF/template.html /usr/share/dansguardian/languages/ukenglish/
 	cp -f $DIR_CONF/template-fr.html /usr/share/dansguardian/languages/french/template.html
 # on ne loggue que les deny (pour le reste, on a squid)
 	$SED "s?^loglevel =.*?loglevel = 1?g" $DIR_DG/dansguardian.conf
 	chown -R havp /var/tmp/havp /var/log/havp /var/run/havp
 	$SED "/$HAVP_BIN -c $HAVP_CONFIG/i chown -R havp:havp \/var\/tmp\/havp" /etc/init.d/havp
 # configuration d'HAVP
 	[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
 	$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
-	$SED "s?^# PARENTPROXY.*?PARENTPROXY 127.0.0.1?g" /etc/havp/havp.config		# datas come from DG
-	$SED "s?^# PARENTPORT.*?PARENTPORT 3128?g" /etc/havp/havp.config		# datas are send to squid (3128)
 	$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config				# datas come on 8090
 	$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config	# we listen only on loopback
 	$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config		# active libclamav AV
 	$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config			# log only when malware matches
 	$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config		# 10 daemons are started simultaneously
+	$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config		# doesn't scan image files
+	$SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files
 # remplacement du fichier d'initialisation
 	[ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default
 	cp -f $DIR_CONF/havp-init /etc/init.d/havp
 # on remplace la page d'interception (template)
 	cp -f $DIR_CONF/virus-fr.html /etc/havp/templates/fr/virus.html

Subversion Repositories ALCASAR

(root)/alcasar.sh @ 2681 – Rev 832 → 835